Description
This article describes the functions of the CLI script on FortiManager and how to use them in each use case. There are three options to run a script on FortiManager, as per below:
- Device Database.
- Policy Package or ADOM Database.
- Remote FortiGate Directly (via CLI).
Scope
FortiManager.
Solution
- Device Database
- Create a script that runs on the Device Database.
- Run the script by selecting the Script -> Run Script -> Select a device to run a Script -> Run Now -> OK.
- Make sure the script is running without error.
- After running the script, the changes will reflected on the Device Database configuration. (The config status will show 'Modified'.)
- It will be necessary to install (Install Device Settings (only)) the changes to reflect on the FortiGate.
- Policy Package or ADOM Database:
- Create a script that runs on a Policy Package or the ADOM Database.
- Run the script by selecting the Script -> Run Script -> Select a policy package -> Run Now.
- Make sure the script running without error.
- After running the script, the changes will reflected on the Policy Package configuration. (The Policy Package Status will show 'Modified'.)
- Install (Install Policy Package & Device Settings) the changes to reflect on the FortiGate.
- Remote FortiGate Directly (via the CLI):
- Create a script that runs on the remote FortiGate Directly (via the CLI).
- Run the script by selecting the Script -> Run Script -> Select a policy package -> Run Now.
- Make sure the script running without error.
- Since the script is installed directly on the FortiGate it will automatically perform a Retrieve back to FortiManager, and the expected output on Config Status is "Synchronize" and the Policy Package will be 'Unknown'.
Note:
To get an output for the commands 'get' and 'show', use this option to run a script from FortiManager. Select the 'Lens' icon after successfully running the script to check on the output.
Related documents:
